Security

Reply
Occasional Contributor II
Posts: 11
Registered: ‎09-17-2015

Logon with authentication radius+ldap

Hi.

 

My wi-fi users logon to the domain by authentication radius and ldap. 

My problem is, a user have a laptop and logon to the domain ok if other user that never work in this laptop try  logon to the domain receive a message "there are no logon servers to authenticate". But if I connect laptop to a wired network the user have success to logon to the domain, and after this he can logon to the domain by network wi-fi. 

Anyone can help? 

Guru Elite
Posts: 21,280
Registered: ‎03-29-2007

Re: Logon with authentication radius+ldap

[ Edited ]

You must be doing machine authentication for your domain login to succeed (login scripts).

 

Is your radius server allowing machine authentication and are your 802.1x clients setup for machine authentication?  At minimum, that is necessary to run login scripts or to login to a machine that a user has never logged in before.

 

Since there is no 802.1x connection before a user authenticates, 802.1x will not allow a domain login, UNLESS the machine authenticates first, when the user is at the ctrl-alt-delete screen.  

 

Users who have logged into the machine successfully before will have their username and password cached and a profile built ahead of time, so they will not see that "no domain login" prompt.  New users will not be able to login, however, unless you have machine authentication configured on radius server and client.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎09-17-2015

Re: Logon with authentication radius+ldap

Colin thanks for your response.

 

Our windows administrator read e check configurations, domain users is included in radius server permission.

 

What is stranger is when I try with the other user immediately the laptop response "not servers to logon", it is like  don't try to contact the radius. I suspect the new user can't watch wireless adapter. Understand?

 

I remember when the begin the wireless network any device can login in this SSID Corporate, then the role changed, before the validation to the radius server there is mac authentication.

 

I will continue study.

 

Thks again.

 

Guru Elite
Posts: 21,280
Registered: ‎03-29-2007

Re: Logon with authentication radius+ldap

The Domain computers AD group should be allowed, as well.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎09-17-2015

Re: Logon with authentication radius+ldap

Hi Colin.

 

We found the solution. Is it ok with radius and domain servers. The problem was configuration in the laptop.

 

I send the screen. 

 

Thks for your help.

Search Airheads
Showing results for 
Search instead for 
Did you mean: